We should apply especially strict limiting to routes that allower username guessing (e.g. registerUser, changeEmail)
We may need to disable limiting or allow for lots of requests on some routes, such as changing the map's zoom/position, which are very lightweight and may happen frequently.
Add rate limiting to our routes to improve security. https://www.npmjs.com/package/hapi-rate-limitor seems to be a good library for it